diff --git a/pentesting-web/ssti-server-side-template-injection/README.md b/pentesting-web/ssti-server-side-template-injection/README.md index e4a4d5616..1f33b3810 100644 --- a/pentesting-web/ssti-server-side-template-injection/README.md +++ b/pentesting-web/ssti-server-side-template-injection/README.md @@ -331,6 +331,11 @@ Payload: {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstanc ### Expression Language - EL \(Java\) +* `${"aaaa"}` - "aaaa" +* `${99999+1}` - 100000. +* `#{7*7}` - 49 +* `{{7*7}}` - 49 + EL provides an important mechanism for enabling the presentation layer \(web pages\) to communicate with the application logic \(managed beans\). The EL is used by **several JavaEE technologies**, such as JavaServer Faces technology, JavaServer Pages \(JSP\) technology, and Contexts and Dependency Injection for Java EE \(CDI\). Check the following page to learn more about the **exploitation of EL interpreters**: